mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
Network Working Group                                          C. Weider
Request for Comments: 1308                                           ANS
FYI: 13                                                      J. Reynolds
                                                                     ISI
                                                              March 1992

              Executive Introduction to Directory Services
                        Using the X.500 Protocol

Status of this Memo

This memo provides information for the Internet community. It does
not specify an Internet standard. Distribution of this memo is
unlimited.

Abstract

This document is an Executive Introduction to Directory Services
using the X.500 protocol. It briefly discusses the deficiencies in
currently deployed Internet Directory Services, and then illustrates
the solutions provided by X.500.

This FYI RFC is a product of the Directory Information Services
(pilot) Infrastructure Working Group (DISI), a combined effort of
the User Services and the OSI Integration Areas of the Internet
Engineering Task Force (IETF).

1. INTRODUCTION

The Internet is growing at a phenomenal rate, with no deceleration in
sight. Every month thousands of new users are added. New networks
are added literally almost every day. In fact, it is entirely
conceivable that in the future every human with access to a computer
will be able to interact with every other over the Internet and her
sister networks. However, the ability to interact with everyone is
only useful if one can locate the people with whom they need to work.
Thus, as the Internet grows, one of the limitations imposed on the
effective use of the network will be determined by the quality and
coverage of Directory Services available.

Directory Services in this paper refers not only to the types of
services provided by the telephone companies' White Pages, but to
resource location, Yellow Pages services, mail address lookup, etc.
We will take a brief look at the services available today, and at the
problems they have, and then we will show how the X.500 standard
solves those problems.

DISI Working Group                                              [Page 1]

RFC 1308            Executive Intro to X.500                  March 1992

2. CURRENT SERVICES AND THEIR LIMITATIONS

In the interests of brevity, we will only look at the WHOIS service,
and at the DNS. Each will illustrate a particular philosophy, if you
will, of Directory Services.

The WHOIS service is maintained by the Defense Data Network Network
Information Center, or DDN NIC. It is currently maintained at GSI
for the IP portion of the Internet. It contains information about IP
networks, IP network managers, a scattering of well-known personages
in the Internet, and a large amount of information related
specifically to the MILNET systems. As the NIC is responsible for
assigning new networks out of the pool of IP addresses, it is very
easily able to collect this information when a new network is
registered. However, the WHOIS database is big enough and
comprehensive enough to exhibit many of the flaws of a large
centralized database. First, centralized location of the WHOIS
database causes slow response during times of peak querying activity,
storage limitations, and also causes the entire service to be
unavailable if the link to GSI is broken. Second, centralized
administration of the database, where any changes to the database
have to be mailed off to GSI for human transcription into the
database, increases the turnaround time before the changes are
propagated, and also introduces another source of potential error in
the accuracy of the information. These particular problems affect to
different degrees any system which attempts to provide Directory
Services through a centralized database.

The Domain Name Service, or DNS, contains information about the
mapping of host and domain names, such as, "home.ans.net", to IP
addresses. This is done so that humans can use easily remembered
names for machines rather than strings of numbers. It is maintained
in a distributed fashion, with each DNS server providing nameservice
for a limited number of domains. Also, secondary nameservers can be
identified for each domain, so that one unreachable network will not
necessarily cut off nameservice. However, even though the DNS is
superlative at providing these services, there are some problems when
we attempt to provide other Directory Services in the DNS. First, the
DNS has very limited search capabilities. Second, the DNS supports
only a small number of data types. Adding new data types, such as
photographs, would involve very extensive implementation changes.

3. THE X.500 SOLUTION

X.500 is a CCITT protocol which is designed to build a distributed,
global directory. It offers the following features:

* Decentralized Maintenance:
  Each site running X.500 is responsible ONLY for its local part of
  the Directory, so updates and maintenance can be done instantly.

* Powerful Searching Capabilities:
  X.500 provides powerful searching facilities that allow users to
  construct arbitrarily complex queries.

* Single Global Namespace:
  Much like the DNS, X.500 provides a single homogeneous namespace
  to users. The X.500 namespace is more flexible and expandable
  than the DNS.

* Structured Information Framework:
  X.500 defines the information framework used in the Directory,
  allowing local extensions.

* Standards-Based Directory Services:
  As X.500 can be used to build a standards-based directory,
  applications which require directory information (e-mail,
  automated resources locators, special-purpose directory tools)
  can access a planet's worth of information in a uniform manner,
  no matter where they are based or currently running.

With these features alone, X.500 is being used today to provide the
backbone of a global White Pages service. There is almost 3 years of
operational experience with X.500, and it is being used widely in
Europe and Australia in addition to North America. In addition, the
various X.500 implementations add some other features, such as
photographs in G3-FAX format, and color photos in JPEG format.
However, as X.500 is standards based, there are very few
incompatibilities between the various versions of X.500, and as the
namespace is consistent, the information in the Directory can be
accessed by any implementation. Also, work is being done in providing
Yellow Pages services and other information resource location tasks
in the Directory.

However, there are some limitations to the X.500 technology as it is
currently implemented. One price that is paid for the flexibility in
searching is a decline in the speed of the searching. This is because
a) searches over a part of the distributed namespace may have to
traverse the network, and some implementations cache all the
responses before giving them to the user, and b) some early
implementations performed search slowly anyway. A second problem with
the implementations is that for security reasons only a limited
amount of information is returned to the user; for example, if a
search turns up 1000 hits, only 20 or so are returned to the user.
Although this number is tunable, it does mean that someone with a big
search will have to do a lot of work. The performance of the
Directory, while increasing rapidly in the last two years, is still
not able to provide real-time directory services for such things as
routing protocols. However, work is being done to speed up service.

The X.500 Directory is taking us closer to the day when we will
indeed have the entire world on our desktops, and X.500 will help
ensure that we can find whom and what we need.

4. FOR FURTHER INFORMATION

For a more detailed technical introduction to X.500 and an extensive
bibliography, see "Technical Overview of Directory Services Using the
X.500 Protocol", by Weider, Reynolds, and Heker. This is available
from the NIC as FYI 14, RFC 1309. For a catalogue of X.500
implementations, see "A Catalog of Available X.500 Implementations",
ed. Lang and Wright. This is available from the NIC as FYI 11, RFC
1292.

5. SECURITY CONSIDERATIONS

Security issues are not discussed in this paper.

6. AUTHORS' ADDRESSES

Chris Weider
Advanced Network and Services, Inc.
2901 Hubbard, G-1
Ann Arbor, MI 48105-2437

Phone: (313) 663-2482
E-mail: weider@ans.net

Joyce K. Reynolds
Information Sciences Institute
University of Southern California
4676 Admiralty Way
Marina del Rey, CA 90292

Phone: (310) 822-1511
E-mail: jkrey@isi.edu